Cyber Criminals Are Aiming At Business

2018 has been the year when crypto-miners first dethroned ransomware as the most prevalent threat due to a meteoric spike in Bitcoin value in late 2017, then slowly trailed off when it began to nosedive.
 
It’s also been the year of the mega breach (Facebook, Marriott, MyHeritage, Quora, etc.), the year when extortionists and sextortionists began increasingly capitalising on stale PII from old breaches, and the year when malicious spam replaced exploits as the favorite attack vector. Finally, 2018 has also been the year when cybercriminals definitely realised businesses are juicier targets than individuals.
 
“Over the year, we have seen more attacks against businesses, more detections of malware on their endpoints, and a greater focus on what cybercriminals consider a more lucrative target,” Malwarebytes shared in its latest yearly State of Malware report.
 
“In fact, four of our top seven business detections increased by more than 100 percent from 2017 to 2018.”
 
The biggest malware threats
Trojans – a broad designation used for malware that does not fall directly into spyware or adware or backdoor categories – tops the list of Malwarebytes’ most common business detections in all regions of the globe.
The category was topped by the Emotet family, which uses exploits (e.g., EternalBlue) to compromise unpatched systems, credential brute forcing to move laterally throughout corporate networks, and its built-in spam module to send out malicious spam and infect systems outside the network.
 
“Spyware detections have climbed significantly due to similar variants and families of Emotet and TrickBot being identified as spyware in the wild—a clear sign of the focus threat actors have placed on information stealing and establishing holds on corporate networks,” the researchers noted.
 
Emotet and TrickBot are former banking Trojans with have evolved into droppers with multiple modules for spam production, lateral propagation through networks, data skimmers, and even crypto-wallet stealers, in other words, ideal tools for stealing ultra-sensitive data from businesses.
 
Trickbot often accompanies Emotet, as the latter drops the former as a secondary payload. Like Emotet, it exploits a SMB vulnerability (with the EternalRomance exploit) for lateral movement inside a network.
 
Ransomware is also being pushed more onto businesses. SamSam-wielding criminals continue to target organisations in many verticals, and it has recently been shared by CrowdStrike and FireEye researchers that a cybercriminal group dubbed Grim Spider has been using the Ryuk ransomware to exclusively target enterprises which have previously been compromised via the TrickBot Trojan.
 
Other notable threats in 2018 were website data-harvesting attacks (Magecart), malicious browser extensions, plugin and browser exploits, IoT malware, and various scams.
 
What’s to Come?
With the proviso that they can only make educated guesses about the likely 2019 threats and trends, the researchers have shared their predictions for the year.
 
Interspersed among the expected ones, more IoT botnets, the slow death of crypto mining on desktops, the increase of frequency and sophistication of digital skimming, SMB vulnerabilities continuing to be challenging for organizations – are some uncommon ones:
• Sound loggers – keyloggers that are able to listen to the cadence and volume of tapping to determine which keys are struck on a keyboard, will slip into the wild.
• AI will be used to create and modify malicious executables in order to avoid being detected by deployed security tools.
• Bring Your Own Security (BYOS). “More and more consumers are bringing their own security to the workplace as a first or second layer of defense to protect their personal information,” the researchers concluded.
 

HelpNetSecurity:

You Might Also Read:

The Attack Surface Is Growing Faster Than Ever:

« US Intelligence Chief Warns Of ‘ever more diverse’ Threats
Hackers Use PayPal To Go Phishing »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

ESG Elektroniksystem- und Logistik-GmbH

ESG Elektroniksystem- und Logistik-GmbH

ESG offer a comprehensive portfolio of cyber and IT services ranging from consulting, solutions and operations to testing, simulation and training.

Detack

Detack

Detack is an independent supplier of IT security auditing and consulting services.

PKWARE

PKWARE

PKWARE is a global leader in business data security, providing encryption and compression solutions to enterprise customers and government entities around the world.

Center for Long-Term Cybersecurity (CLTC)

Center for Long-Term Cybersecurity (CLTC)

The Center for Long-Term Cybersecurity is developing and shaping cybersecurity research and practice based on a long-term vision of the internet and its future.

Excelsecu Data Technology

Excelsecu Data Technology

Excelsecu is a global solution provider of online identity authentication, widely applied in banks, government bodies and enterprises.

Osirium

Osirium

The Osirium PxM Privileged Access Management platform addresses both security and compliance requirements by defining who gets access to what and when.

CyberQ Group

CyberQ Group

CyberQ is an award winning cyber security consultancy and services provider and an innovator in Artificial Intelligence and Automated Cyber Security.

Raonsecure

Raonsecure

Raonsecure is one of Korea’s leading ICT security software companies – providing a variety of PC and mobile security solutions to financial institutions, government, and enterprise.

Horizon3.ai

Horizon3.ai

Horizon3.ai is a leader in security assessment and validation enabling continuous security overwatch from an attacker’s perspective through our NodeZero SaaS solution.

Recon InfoSec

Recon InfoSec

The Recon InfoSec team includes analysts, architects, engineers, intrusion specialists, penetration testers, and operations experts.

FourNet

FourNet

FourNet is an award-winning provider of cloud and managed services; we work closely with our clients to enable digital transformation across their organisation.

Extreme Networks

Extreme Networks

Since 1996, Extreme has been pushing the boundaries of networking technology, driven by a vision of making it simpler and faster as well as more agile and secure.

GTT Communications

GTT Communications

GTT are a global network provider that serves thousands of multinational and national enterprise, government and carrier customers with a portfolio of advanced connectivity and security services.

NewEvol

NewEvol

Don’t React, Evolve! Outsmart threats with real-time AI-powered dynamic defense capability of NewEvol all-in-one cybersecurity platform.

Toro Solutions

Toro Solutions

Toro provide managed security & consultancy to keep governments, businesses & society resilient in the space where cyber, physical & people security converge.

Trustmi

Trustmi

Trustmi is a leading fintech cybersecurity solution designed to prevent financial losses from fraud and errors, 24/7.